On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students
Continue Reading California’s PlayOn Enforcement: A New Chapter in Children’s Data PrivacyFTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online
The FTC just released a policy statement regarding enforcement activities related to COPPA, which can be found at this link.
According to Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, age verification technologies are important child-protective technologies, and this policy statement “…incentivizes operators to use these innovative tools, empowering parents to protect
Continue Reading FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online
UK: ICO v Clearview – a test of the ICO’s reach?
- Clearview’s processing of personal information
CHINA: new stricter and 4-hour data breach reporting requirements for certain incidents
The Cyberspace Administration of China (“CAC“) has recently published the Administrative Measures for Network Security Incident Reporting (“Measures“), which provide further guidance on when and how to report network security incidents under existing laws such as the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. The Measures
Continue Reading CHINA: new stricter and 4-hour data breach reporting requirements for certain incidents
Thailand: PDPA Crackdown 2025: Are You Next? – Major Fines and Lessons from Thailand’s Latest Enforcement
Since the full enforcement of Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) in June 2022, the Personal Data Protection Committee (“PDPC”) has moved decisively from awareness-building to active enforcement. The transition emerged in 2024 when a leading e-commerce company was fined THB 7 million for breaching the law.
In
Continue Reading Thailand: PDPA Crackdown 2025: Are You Next? – Major Fines and Lessons from Thailand’s Latest Enforcement
Uganda: Data protection Regulator Clarifies Compliance Requirements for Offshore Entities
In a decision issued on 18 July 2025 against Google LLC, the Personal Data Protection Office (PDPO) has affirmed that the data protection compliance obligations under Ugandan law apply to all entities that handle the personal data of Ugandan citizens, regardless of where they are based.
The office has also clarified that a
Continue Reading Uganda: Data protection Regulator Clarifies Compliance Requirements for Offshore Entities
Italy: Garante issues fine for use of employee’s private chats in disciplinary actions
The Italian Data Protection Authority (Garante) has fined a company EUR 420,000 for violating privacy laws in the workplace. The decision focuses on the employer’s use of content from Facebook, WhatsApp, and Messenger— shared from the employee’s personal accounts—for disciplinary purposes.
This ruling will have serious repercussions for any employer operating in Italy, especially those
Continue Reading Italy: Garante issues fine for use of employee’s private chats in disciplinary actions
Italy: The Garante Issues First GDPR Fine Over Employees Email Metadata Privacy Breach
The Italian Data Protection Authority (the Garante) has issued its first GDPR fine for unlawful retention of metadata from employees’ emails and web browsing activities. The decision applies the Garante’s highly discussed guidelines of 2024 on the use of metadata in workplace email systems.
The Processing of Metadata in the Employment Relations
Metadata
Continue Reading Italy: The Garante Issues First GDPR Fine Over Employees Email Metadata Privacy Breach
CHINA: Recent Enforcement Trends
Recently, the Cyberspace Administration of China (CAC), which is the primary data regulator in China, published a newsletter about the government authorities’ enforcement of Apps and websites that violated personal data protection and cybersecurity laws during the year 2024.
Based on the official statistics, during 2024, the CAC interviewed 11,159 website platforms, imposed warnings or
Continue Reading CHINA: Recent Enforcement Trends
EU: DLA Piper GDPR Fines and Data Breach Survey: January 2025
The seventh annual edition of DLA Piper’s GDPR Fines and Data Breach Survey has revealed another significant year in data privacy enforcement, with an aggregate total of EUR1.2 billion (USD1.26 billion/GBP996 million) in fines issued across Europe in 2024.
Ireland once again remains the preeminent enforcer issuing EUR3.5 billion (USD3.7 billion/GBP2.91 billion) in fines since
Continue Reading EU: DLA Piper GDPR Fines and Data Breach Survey: January 2025